What are HTTP or Browser Cookies?

Jul 16

-

What’s a browser cookie?

You visit a website and your browser starts requesting all the files that constitute the website. So your browser asks the server, “Can I have image_011.jpeg?” and the web server says, “Yeah, here you go and take this thing with you and bring it back when you come back next time so I know it’s you.” Your browser says “okaythx” and then returns a nanosecond later: “Hello – can I have image_001a.jpg? And, I have this thing you gave me last time.” And then the server says, “Oh it’s you again. I remember you.”

At this point you’ve probably figured out that the mentioned “thing” is the cookie. This post is far from a complete description and it doesn’t go into why a server may want to recognize a client browser but that’s stuff you can easily look up elsewhere and I said we were going to keep this short.

What’s the Difference Between First Party & Third Party Cookies?

The thing to understand is that there is no intrinsic difference between a first-party cookie and a third-party cookie. There’s only cookies. The distinction exists only at run-time, within the context of a particular visit. Your browser maintains a collection of cookies. Your browser receives a request from a website’s server to store a cookie, and depending on your browser settings, it adds the file to a cookie collection stored on your device’s storage disk. There isn’t a separate collection of first-party cookies and a separate collection of third-party cookies. There’s just one collection of cookies.

If a cookie is associated with a file requested from the same domain as the page you are viewing, it’s a first-party cookie. A cookie associated with a file requested from a different domain than the site you’re on, is a third-party cookie. That’s it.

Notice that the same cookie can be a first-party cookie one minute and a third-party cookie the next. For instance, when you visit twitter.com your browser sets several cookies associated with the *.twitter.com domain name. In the context of your stay on Twitter these are first-party cookies. If you then visit huffingtonpost.com, Huffington Post requests files from the twitter.com domain and those requests include the same *.twitter.com cookies, they are now third-party cookies.